- National Cyber Security Centre (NCSC) - World Password Day (https://www.nicybersecuritycentre.gov.uk/world-password-day): The UK's NCSC provides a comprehensive guide on World Password Day, including a "Password Pledge" with tips for creating and managing strong passwords, information on compromised passwords, and additional resources.
- Have I Been Pwned? (https://haveibeenpwned.com/): Check if your email address or phone number has been compromised in a data breach.
- Password Manager Reviews: Find a reputable password manager that suits your security needs. Consider and research options like 1Password, Bitwarden, Dashlane, or LastPass carefully! https://www.techradar.com/best/password-manager
- Two-Factor Authentication (2FA) Guides: Learn how to enable 2FA on your online accounts for added security. https://2fa.directory/gb/
Authentication Methods: Some Pros, Cons, Good Practices
Passwords: Pros, Cons, Good Practices
- Pros: Widely adopted, easy to implement, familiar to users.
- Cons: Easily forgotten, susceptible to brute-force and phishing attacks, often reused across multiple accounts.
- Good practices: Use strong, unique passwords (12+ characters, mixed case, numbers, symbols) for each account. Use a good password manager. Enable MFA everywhere.
Passphrases: Pros, Cons, Good Practices
- Pros: Easier to remember than complex passwords, can be longer and more secure, resistant to brute-force attacks.
- Cons: Some websites may have character limits, not suitable for all applications, still vulnerable to phishing attacks.
- Good practices: Use a combination of unrelated words (4+ words), include numbers and symbols if possible, use a good password manager, and consider a random passphrase generator. Also enable MFA everywhere.
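The good practices above for passwords (12+ characters, mixed case, numbers, symbols) and passphrases (4+ unrelated words plus a number and symbol) can be generated with a cryptographic random source and compared by entropy. This is an added example, not code from this page or from any of the linked tools; the 32-word list, the symbol set and all function names are assumptions made for illustration, and 7776 is the size of the EFF long word list.

```python
import math
import secrets
import string

# Constructed 32-word sample list so the block runs offline (assumption).
# Real use needs a large list, such as the 7776-word EFF long list.
SAMPLE_WORDS = (
    "anchor basket candle dragon ember falcon garden harbor "
    "island jacket kettle lantern meadow napkin orchid pebble "
    "quartz ribbon saddle timber umbrella velvet walnut yogurt "
    "zipper acorn bishop copper dolphin engine fossil glacier"
).split()
SYMBOLS = "!@#$%^&*-_=+?"  # assumed symbol set, 13 characters

def entropy_bits(pool_size: int, picks: int) -> float:
    """Bits of entropy for `picks` independent uniform choices from a pool."""
    return picks * math.log2(pool_size)

def words_needed(target_bits: float, list_size: int) -> int:
    """Smallest number of words whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))

def generate_passphrase(words=SAMPLE_WORDS, n_words=4, sep="-") -> str:
    """Pick n_words with a CSPRNG, then append one random digit and symbol."""
    if n_words < 4:
        raise ValueError("use at least 4 words")
    chosen = [secrets.choice(words) for _ in range(n_words)]
    return sep.join(chosen) + secrets.choice(string.digits) + secrets.choice(SYMBOLS)

def generate_password(length=12) -> str:
    """Random password of 12+ characters with mixed case, numbers, symbols."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    alphabet = string.ascii_letters + string.digits + SYMBOLS  # 75 characters
    while True:  # resample until every character class is present; this
        # makes entropy_bits(75, length) a slight upper bound
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw) and any(c in SYMBOLS for c in pw)):
            return pw

if __name__ == "__main__":
    print(generate_passphrase(), generate_password())
    print(f"4 words from a 7776-word list: {entropy_bits(7776, 4):.1f} bits")
    print(f"12 characters from 75:         {entropy_bits(75, 12):.1f} bits")
    print("words needed to match:", words_needed(entropy_bits(75, 12), 7776))
```

With a 7776-word list, four random words give about 51.7 bits, while a 12-character random password over this 75-character alphabet gives about 74.7 bits, so six words are needed to match it. The strength comes from random selection; words or characters chosen by a person do not reach these figures.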
Passwordless Authentication: Pros, Cons, Good Practices
- Pros: Eliminates the need to remember passwords, more secure than traditional passwords, convenient for users.
- Cons: Not universally supported, can be complex to implement, potential security risks if the authentication method is compromised.
- Good practices: Use a combination of passwordless methods (biometrics, hardware tokens, one-time codes), implement strong security measures (encryption, secure protocols), educate users. https://miracl.com/blog/
Passkeys: Pros, Cons, Good Practices
- Pros: Phishing-resistant, easy to use, built on industry standards, no passwords to remember or manage.
- Cons: Requires compatible devices and websites, still in early stages of adoption.
- Good practices: Use passkeys whenever possible on supported websites and devices, ensure devices are secure, keep software updated. https://www.yubico.com/blog/a-yubico-faq-about-passkeys/
- Security: Passkeys and passwordless authentication are generally the most secure options, followed by passphrases and then passwords.
- Ease of use: Passkeys and passwordless authentication are the most convenient options, followed by passphrases and then passwords.
- Compatibility: Passwords are currently the most widely supported option, but passkeys are gaining adoption.
- Use strong, unique passwords or phrases: Create passwords or phrases with at least 12 characters, including a mix of uppercase and lowercase letters, numbers, and symbols. Avoid using easily guessable information or reusing passwords across multiple accounts. https://bitwarden.com/password-generator/
- Use a password manager: A password manager securely generates and stores complex passwords for you, simplifying the process of managing multiple accounts. Then consider how you unlock it: a "master password", a hardware token, or a biometric authentication method.
- Enable two-factor authentication (2FA): Add an extra layer of security everywhere by requiring a second verification step, such as a code sent to your phone, in addition to your password.
- Regularly update your passwords: Change your passwords periodically, especially for sensitive accounts like email, banking, and social media.
- Be mindful of phishing scams: Be cautious of emails or messages requesting your password or personal information. Legitimate organizations will never ask for your password directly.
Choosing the right method:
The best method for you depends on your individual needs and the specific application. Consider the security risks, convenience, and compatibility factors when making your decision. It's also a good idea to use a combination of methods for added protection.
Hopefully by utilising these resources and following the provided advice, you can take proactive steps to strengthen your password security and protect your online accounts from unauthorized access. Remember, World Password Day serves as an important reminder to prioritize your digital security and adopt best practices for password management.